Legal claims defining the scope of protection, as filed with the USPTO.
1. A method of supporting authentication of a server device, the method comprising: supplying a user device with a user mechanism which is constructed and arranged to dynamically generate user representations; receiving, at the server device, a request from the user device; and providing a server representation to the user device from the server device in response to the request, the server device being successfully authenticated to a user of the user device when a user representation dynamically generated by the user mechanism matches the server representation provided to the user device, and the server device not being successfully authenticated to the user of the user device when the user representation dynamically generated by the user mechanism does not match the server representation provided to the user device; wherein providing the server representation to the user device includes: obtaining a server password from a server one-time password (OTP) circuit, the server password being based on a particular secret and current time, and the server OTP circuit being constructed and arranged to provide a series of server passwords over a series of predefined time windows, generating the server representation based on the server password obtained from the server OTP circuit, and sending the server representation to the user device; wherein the server OTP circuit is synchronized with a user OTP circuit at the user mechanism so that the server representation matches the user representation when the user representation is generated by the user OTP circuit based on the particular secret and the same current time; wherein the user device has a public key and the server device has a private key, the public key and the private key forming a secure encryption/decryption key pair enabling the server device to securely decrypt encrypted messages sent from the user device over a public network; and wherein generating the server representation based on the server password obtained from the server OTP circuit includes (i) obtaining an encryption result from encrypting the server password using the public key and (ii) deriving the server representation based on the encryption result.
2. A method as in claim 1 wherein the server device includes a database of images which are selectable from the database based on indexes; and wherein deriving the server representation based on the encryption result includes: creating an index based on the encryption result, and selecting, as the server representation, a particular image from the database using the index.
3. A method as in claim 1 wherein deriving the server representation based on the encryption result includes: creating an input parameter based on the encryption result, and forming, as the server representation, a unique graphical pattern having different shapes and different colors, the different shapes and different colors being dependent on a pattern generation algorithm which takes, as an input, the input parameter.
4. A method as in claim 1 wherein deriving the server representation based on the encryption result includes: creating an input parameter based on the encryption result, and creating, as the server representation, a unique character string based on a character string generation algorithm which takes, as an input, the input parameter.
5. A method as in claim 1 wherein the server device includes a database of entries which reference user output and which are selectable from the database based on indexes; and wherein deriving the server representation based on the encryption result includes: creating an index based on the encryption result, and selecting, as the server representation, a particular entry from the database using the index, the particular entry referencing particular user output which includes at least one of an animation, a video clip and a sound clip.
6. A method as in claim 1 wherein the user device runs a browser application; and wherein supplying the user device with the user mechanism which is constructed and arranged to dynamically generate user representations includes: adding a plug-in to the browser application, the plug-in being constructed and arranged to operate in tandem with the browser application to dynamically generate different user representations over the series of predefined time windows.
7. A method as in claim 6, further comprising: prompting a user of the user device to provide a user password to the server device through the browser application only if the user concludes that the user representation matches the server representation.
8. A method as in claim 6, further comprising: prompting a user of the user device to provide sensitive personal data to the server device through the browser application only if the user concludes that the user representation matches the server representation.
9. A method as in claim 1 wherein supplying the user device with the user mechanism which is constructed and arranged to dynamically generate user representations includes: providing, to the user, a separate device constructed and arranged to be physically adjacent to the user device, the separate device having a display being constructed and arranged to visually present the user representation to the user.
10. A method as in claim 1, wherein supplying the user device with a user mechanism includes: providing the public key to the user mechanism, the user mechanism being configured to generate a user representation by encrypting the user OTP with the public key.
11. A method as in claim 1, wherein the request from the user device is encrypted using the public key; wherein receiving the request from the user device includes: decrypting the request with a private key that forms a public/private key pair with the public key.
12. A method of supporting authentication of a server device, the method comprising: supplying a user device with a user mechanism which is constructed and arranged to dynamically generate user representations; receiving, at the server device, a request from the user device; and providing a server representation to the user device from the server device in response to the request, the server device being successfully authenticated to a user of the user device when a user representation dynamically generated by the user mechanism matches the server representation provided to the user device, and the server device not being successfully authenticated to the user of the user device when the user representation dynamically generated by the user mechanism does not match the server representation provided to the user device; wherein providing the server representation to the user device includes: obtaining a server password from a server one-time password (OTP) circuit, the server password being based on a particular secret and an event, generating the server representation based on the server password obtained from the server OTP circuit, and sending the server representation to the user device; wherein the server OTP circuit is synchronized with a user OTP circuit at the user mechanism so that the server representation matches the user representation when the user representation is generated by the user OTP circuit based on the particular secret and the event; wherein the user device has a public key and the server device has a private key, the public key and the private key forming a secure encryption/decryption key pair enabling the server device to securely decrypt encrypted messages sent from the user device over a public network; and wherein generating the server representation based on the server password obtained from the server OTP circuit includes (i) obtaining an encryption result from encrypting the server password using the public key and (ii) deriving the server representation based on the encryption result.
13. A method for supporting authentication of a server device, the method comprising: providing a request from a user device to the server device; receiving, at the user device, a server representation from the server device in response to the request; and dynamically generating a user representation using a user mechanism which is local to the user device, the server device being successfully authenticated when the user representation dynamically generated using the user mechanism matches the server representation from the server device, and the server device not being successfully authenticated when the user representation dynamically generated using the user mechanism does not match the server representation from the server device; wherein dynamically generating the user representation using the user mechanism includes: obtaining a user password from a user one-time password (OTP) circuit at the user device, the user password being based on a particular secret and current time, and the user OTP circuit being constructed and arranged to provide a series of user passwords over a series of predefined time windows, and generating the user representation based on the user password obtained from the user OTP circuit; wherein the user OTP circuit at the user device is time synchronized with a server OTP circuit so that the user representation matches the server representation when the server representation is generated by the server OTP circuit based on the particular secret and the same current time; wherein the user device has a public key and the server device has a private key, the public key and the private key forming a secure encryption/decryption key pair enabling the user device to encrypt messages and securely send the encrypted messages over a public network for decryption by the server device; and wherein generating the user representation based on the user password obtained from the user OTP circuit includes (i) obtaining an encryption result from encrypting the user password using the public key and (ii) deriving the user representation based on the encryption result.
14. Electronic apparatus, comprising: configuration circuitry constructed and arranged to supply a user device with a user mechanism which is configured to dynamically generate user representations; and a server device constructed and arranged to receive a request from the user device and, in response to the request, send a server representation to the user device, the server device being successfully authenticated to a user of the user device when a user representation dynamically generated by the user mechanism matches the server representation provided to the user device, and the server device not being successfully authenticated to the user of the user device when the user representation dynamically generated by the user mechanism does not match the server representation provided to the user device; wherein the server device includes: a server one-time password (OTP) circuit constructed and arranged to provide a series of server passwords over a series of predefined time windows; and a controller coupled to the server OTP circuit, the controller, when server device sends the server representation to the user device, being constructed and arranged to: obtain a server password from the server OTP circuit, the server password being based on a particular secret and current time, generate the server representation based on the server password obtained from the first OTP circuit, and send the server representation to the user device; and wherein the server OTP circuit is time synchronized with a user OTP circuit at the user mechanism supplied to the user device so that the server representation matches the user representation when the user representation is generated by the user OTP circuit based on the particular secret and the same current time; wherein the user device has a public key and the server device has a private key, the public key and the private key forming a secure encryption/decryption key pair enabling the server device to securely decrypt encrypted messages sent from the user device over a public network; and wherein the controller of the server device, when generating the server representation based on the server password obtained from the first OTP circuit, is constructed and arranged to: (i) obtain an encryption result from encrypting the server password using the public key and (ii) derive the server representation based on the encryption result.
15. Electronic apparatus as in claim 14 wherein the server device further includes: a database of images which are selectable from the database based on indexes; and wherein the controller, when deriving the server representation based on the encryption result, is constructed and arranged to (i) create an index based on the encryption result, and (ii) select, as the server representation, a particular image from the database using the index.
16. Electronic apparatus as in claim 14 wherein the controller, when deriving the server representation based on the encryption result, is constructed and arranged to: create an input parameter based on the encryption result, and form, as the server representation, a unique graphical pattern having different shapes and different colors, the different shapes and different colors being dependent on a pattern generation algorithm which takes, as an input, the input parameter.
17. Electronic apparatus as in claim 14 wherein the controller, when deriving the server representation based on the encryption result, is constructed and arranged to: create an input parameter based on the encryption result, and create, as the server representation, a unique character string based on a character string generation algorithm which takes, as an input, the input parameter.
18. Electronic apparatus as in claim 14 wherein the user device runs a browser application; and wherein the configuration circuitry, when supplying the user device with the user mechanism, is constructed and arranged to: add a plug-in to the browser application, the plug-in being constructed and arranged to operate in tandem with the browser application to dynamically generate different user representations over the series of predefined time windows.
19. Electronic apparatus as in claim 18 wherein the server device is further constructed and arranged to: prompt a user of the user device to provide a user password through the browser application only if the user concludes that the user representation matches the server representation.
20. Electronic apparatus as in claim 18 wherein the plug-in is constructed and arranged to automatically close the browser application after comparison of the user representation and the server representation when the user representation does not match the server representation.
21. Electronic apparatus, comprising: a user mechanism constructed and arranged to dynamically generate user representations; an interface constructed and arranged to communicate with a server device; and a control circuit coupled to the interface, the control circuit being constructed and arranged to: provide a request to the server device through the interface, receive, in response to the request, a server representation from the server device through the interface, and direct the user mechanism to dynamically generate a user representation, the server device being successfully authenticated when the user representation dynamically generated by the user mechanism matches the server representation from the server device, and the server device not being successfully authenticated when the user representation dynamically generated by the user mechanism does not match the server representation from the server device; wherein the user mechanism includes: a user one-time password (OTP) circuit constructed and arranged to provide a series of user passwords over a series of predefined time windows, and an output circuit coupled to the user OTP circuit, the output circuit, when the user mechanism is directed by the control circuit to dynamically generate the user representation, being constructed and arranged to: (i) obtain a user password from the user OTP circuit, the user password being based on a particular secret and current time, and (ii) generate the user representation based on the user password obtained from the user OTP circuit; and wherein the user OTP circuit is synchronized with a server OTP circuit so that the user representation matches the server representation when the server representation is generated by the server OTP circuit based on the particular secret and the same current time; wherein the control circuit has a public key and the server device has a private key, the public key and the private key forming a secure encryption/decryption key pair enabling the control to encrypt messages and securely send the encrypted messages through the interface over a public network for decryption by the server device; and wherein the user mechanism, when generating the user representation based on the user password obtained from the user OTP circuit, is constructed and arranged to (i) obtain an encryption result from encrypting the user password using the public key and (ii) derive the user representation based on the encryption result.
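An added sketch, not taken from the patent or any product, of the flow recited in claims 1, 2 and 13: both sides compute a time-window OTP from the shared secret, encrypt it with the public key, and map the encryption result to an image index. The HMAC-based OTP, the toy RSA modulus, the hash-then-modulo index step and the eight-entry image list are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed toy values, not from the patent: a 150-bit RSA modulus built from
# two Mersenne primes, a 30-second window, and an 8-entry "image database".
RSA_N = (2**61 - 1) * (2**89 - 1)
RSA_E = 65537
WINDOW_SECONDS = 30
IMAGE_DB = ["anchor", "bridge", "cactus", "dolphin",
            "eagle", "forest", "glacier", "harbor"]


def otp(secret: bytes, now: int) -> int:
    """OTP for the time window containing `now` (HMAC-based; an assumption)."""
    window = now // WINDOW_SECONDS
    mac = hmac.new(secret, window.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") % 10**6


def encrypt(password: int) -> int:
    """Deterministic public-key operation (textbook RSA, no padding).

    Both sides must get the same encryption result from the same password, so
    a randomized padding such as OAEP could not be used at this step.
    """
    return pow(password, RSA_E, RSA_N)


def representation(secret: bytes, now: int) -> str:
    """Claim 2 style derivation: encryption result -> index -> image."""
    digest = hashlib.sha256(str(encrypt(otp(secret, now))).encode()).digest()
    index = int.from_bytes(digest[:4], "big") % len(IMAGE_DB)
    return IMAGE_DB[index]


def server_authenticated(user_secret: bytes, server_secret: bytes, now: int) -> bool:
    """True when the user-side and server-side representations match."""
    return representation(user_secret, now) == representation(server_secret, now)


def impostor_match_rate(user_secret: bytes, windows: int = 400) -> float:
    """Fraction of windows where a server lacking the secret matches by chance."""
    hits = sum(server_authenticated(user_secret, b"not-the-secret", w * WINDOW_SECONDS)
               for w in range(windows))
    return hits / windows


if __name__ == "__main__":
    shared = b"constructed-shared-secret"   # constructed sample secret
    print(server_authenticated(shared, shared, 1_354_579_200))
    print(impostor_match_rate(shared))
```

The chance-match rate falls as the number of possible representations grows, so the size of the image database (or the length of the character string in claim 4) bounds how much assurance a visual match gives.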
December 4, 2012